CEH vs OSCP? But before listening to my opinion on this, let me tell you a few words about me. I’m a penetration tester for over 5 years, I'm a Security trainer for over 12 years, I’m CEH, ECSA and CHFI instructor, OSCP, ISO 27001 Lead Auditor and Crest CRT certified (among others). And this question is a something I hear a lot. And is not an easy, universal answer. But I’ll try to simplify for you, as much as I can. And yes, I know there are plenty of others certifications and training out there, but I will tell you about what I know from my own experience. And no, there is no easy and quick way to success, even with both certifications!
The answer really stays in the experience you already have, what’s your goal, budget, your patience, and dedication. If you are at the beginning of the road and you want a career in Ethical Hacking, then this article is for you.
To answer the question in a sentence: the comparison is not fair. You cannot directly compare them, is like comparing apple with pears. Why? Continue reading.
Let me tell you about each of them. CEH has a more theoretical approach, with limited hands-on labs, designed for people without great (offensive) security knowledge. No matter how you attend the course you will have plenty of materials to learn from. The course is structured in 18 modules that cover all the steps of penetration testing, from network to web, mobile, and cloud, tools, and techniques, also some countermeasures. Its more like overview of the attacks, more theoretically explained it's not getting into in depth, low-level details. But if your offensive security knowledge is limited, then this should be your cornerstone for your ethical hacking career. If you want to understand concepts and attacks, then you should start with this. Most of the time, you would learn for CEH in a five-day, instructor lead, 8 hours a day training. The exam is multiple choice, single answer, 125 questions in four hours.
OSCP has a more self-study (research) hands-on approach. You will be provided with some videos and pdf explaining the certain attacks. It’s getting quite technical, in depth. You will rather see tools and attacks in action, than concepts and list of attack types. It’s fully hands on, you are required to do the attacks yourself as well. The videos and PDFs provided are actually only the start. You will be required to access via VPN to a lab network where you, among other students, are required to hack and gain full control of over 50 servers in three different networks. You have to hack, you read correctly. No help, no instructor, nobody, only you. You have some hints from time to time on some mIrc channels, but their motto is “Try harder!”. And you have to self-study, research using what you know and methods learned in the video course to discover and exploit different vulnerabilities. No more concepts, real hands on. Real attacks, real hacking. There are several packets you can buy, depending for how many months you want access to the lab. One, three or even more. The exam is 48 hours long, you will take it from home like the rest of the course. First 24 hours you have to hack 5 servers and 24 hours to write your report. In order to finish the course with three-month lab access, you need some hands-on experience and hacking background.
As a bottom line, both are well known, valued and appreciated certifications. And in my opinion, the correct approach for a beginner would be CEH, then ECSA (from EC-Council as well) and then OSCP. Or a faster way would be CEH, then OSCP. Because OSCP is difficult or even impossible without a previous offensive knowledge. If you want to understand ethical hacking and offensive security, start with CEH. If you want to practice and perform penetration testing, continue with the others as well. So just remember, when you think you know a lot, you know nothing. But just keep trying harder!
But still, if you want to learn hands-on penetration testing without a fancy certification, if you are only a beginner or even an advanced hacker, I have created plenty of online video courses, about hacking and infrastructure. See them all here https://learn.ituniversity.ro and contact me for latest offers and updates. Right now I'm running a campaign for "Complete White Hat Hacking & Penetration Testing Bundle" of over 20 hours of video content accessible for only $50 using the BECOMEHACKERLKN coupon.